Previous Topic: Connector-Specific FeaturesNext Topic: RSA Endpoint Property Sheet

Connector GuidesConnectors GuideConnecting to EndpointsRSA ACE (SecurID) ConnectorConnector-Specific FeaturesAcquire an RSA ACE Server Using the User Console

Acquire an RSA ACE Server Using the User Console

You must acquire the RSA ACE server before you can administer it with CA IdentityMinder.

To acquire an RSA ACE server using the User Console

  1. Select Endpoints, Manage Endpoints,Create Endpoint
  2. Select RSA from the drop-down list box on Create a new endpoint of Endpoint Type, and click Ok

    Use the Create RSA Endpoint page to register an RSA ACE server. During the registration process, CA IdentityMinder identifies the RSA ACE server you want to administer and gathers information about it.

  3. After entering the required information, click Submit.

    You are now ready to explore and Correlate the endpoint.

  4. Click Endpoints, Explore and Correlate Definitions, Create Explore and Correlate Definition to explore the objects that exist on the endpoint.

    The Exploration process finds all RSA accounts and groups. You can correlate the accounts with global users at this time or you can correlate them later.

  5. Click OK to start a new definition.
  6. Complete the Explore and Correlate Tab as follows:
    1. Fill in Explore and Correlate name with any meaningful name.

      Click Select Container/Endpoint/Explore Method to click an RSA endpoint to explore.

    2. Click the Explore/Correlate Actions to perform:
      • Explore directory for managed objects—Finds objects that are stored on the endpoint and not in the provisioning directory.
      • Correlate accounts to users—Correlates the objects that were found in the explore function with users in the provisioning directory. If the user is found, the object is correlated with the user. However, you can instead select that you want to assign the account to the existing user (the default user) or create the user.
      • Update user fields—If a mapping exists between the object fields and the user fields, the user fields are updated with data from the objects fields.
  7. Complete the Recurrence tab if you want to schedule when the task to executes.
    1. Click Schedule.
    2. Complete the fields to determine when this task should execute.

      You may prefer to schedule the task to execute overnight to interfere less with routine access of the system.

    Note: This operation requires the client browser to be in the same time zone as the server. For example, if the client time is 10:00 PM on Tuesday when the server time is 7:00 AM, the Explore and Correlate definition will not work.

  8. Click Submit.

To use an explore and correlate definition

  1. In a CA IdentityMinder environment, click Endpoints, Execute Explore and Correlate.
  2. Click an explore and correlate definition to execute.
  3. Click Submit.

    The user accounts that exist on the endpoint are created or updated in CA IdentityMinder based on the explore and correlate definition you created.

Acquire an RSA ACE Server Using the Provisioning Manager

You must acquire the RSA ACE/Server machine before you can administer it with CA IdentityMinder. When acquiring an RSA ACE/Server machine, perform the following steps.

From the Endpoint type task view

  1. Register the machine as an endpoint in CA IdentityMinder.

    Use the RSA ACE (SecurID) Endpoint property sheet to register an RSA ACE/Server machine. During the registration process, CA IdentityMinder identifies the RSA ACE/Server machine you want to administer and gathers information about it.

  2. Explore the objects that exist in the endpoint.

    After registering the machine in CA IdentityMinder, you can explore its contents. Use the Explore and Correlate Endpoint dialog. The Exploration process finds all RSA ACE (SecurID) objects. You can correlate the accounts with global users at this time or you can correlate them later.

  3. Correlate the explored accounts to global users

    When you correlate accounts, CA IdentityMinder creates or links the accounts on an endpoint with global users, as follows:

    1. CA IdentityMinder attempts to match the username with each existing global user name. If a match is found, CA IdentityMinder associates the RSA ACE (SecurID) account with the global user. If a match is not found, CA IdentityMinder performs the next step.
    2. CA IdentityMinder attempts to match the account name with each existing global user's full name. If a match is found, CA IdentityMinder associates the RSA ACE (SecurID) account with the global user. If a match is not found, CA IdentityMinder performs the following step.
    3. If the Create Global Users as Needed button is checked, CA IdentityMinder creates a new global user and associates the RSA ACE (SecurID) account with the global user. If the Create Global Users as Needed button is unchecked, then CA IdentityMinder performs the next step.
    4. CA IdentityMinder associates the RSA ACE (SecurID) account with the [default user] object.